New Phishing-as-a-Service, Robin Banks

Industries: Entertainment, Financial, Technology | Level: Strategic | Source: IronNet

Researchers from IronNet have discovered Robin Banks, a new phishing-as-a-service (PhaaS) platform, active since March 2022. The service offers phishing kits to exploit customers of renowned financial, entertainment, and technology services. Cybercriminals can leverage the service to generate social engineering campaigns with ready-made phishing kits "Financial institutions advertised on the website include: Bank of America, Capital One, Citibank, Wells Fargo, and more. They also offer templates to phish Google, Microsoft, T-Mobile information, as well as international companies like Lloyds Bank of England, Netflix in Canada, and Commonwealth Bank in Australia." To receive access to the Robin Banks web application, a user must create login credentials and deposit Bitcoin as a payment with a single page access offer for $50/month and $200/month for full access. The authors behind the PhaaS service were observed to actively update templates for campaigns. The kits offer threat actors the ability to initiate initial access through crafted SMS messages or emails. IronNet has observed successful phishing campaigns utilizing the service, resulting in compromised credentials being sold on the dark web. Currently, no attribution is found for the authors behind the service, and monetarily, the service appears to have generated over $500,000 in funds with the figure rising daily.

‍